Comments (9)
tomhughes
commented on May 27, 2024
There's probably not much point spending time on this if we're about to get rid of the intermediate page.
from openstreetmap-website.
milan-cvetkovic
commented on May 27, 2024
I discovered this by testing the signup page in #4455 , but the bug is inherited from master. I am not too sure how to fix it.
from openstreetmap-website.
tomhughes
commented on May 27, 2024
Well normally it would be discovered when the record is saved but that won't happen for a two phase signup like this so I think the first phase is supposed to run an explicit validation on the record but as I say that is about to go away and then the record save should catch it in the normal way.
from openstreetmap-website.
milan-cvetkovic
commented on May 27, 2024
I found the problem:
after_initialize :encrypt_password is invoked before the first time the form is validated in users_controller.create. This function modifies both password related fields, and effectively disables validations for them.
I will address this in #4455.
from openstreetmap-website.
tomhughes
commented on May 27, 2024
Ah that's my fault, and is a recent change as it used to be before_save but that was breaking other things :-(
from openstreetmap-website.
tomhughes
commented on May 27, 2024
Specifically aaed886 was the change - the before_save is in fact still there.
I'm not quite sure why it needed to hash it - the critical thing was including both copies in the session. Possibly I was just trying to avoid keeping unhashed passwords lying around.
from openstreetmap-website.
tomhughes
commented on May 27, 2024
So b155313 was the original fix - to preserve the second copy in the hash so that the before_save filter could work.
Apparently I then fairly quickly decided to try that alternative approach but I'm not sure if that was because the first one didn't work or I just thought it was better to hash earlier.
The original problem was that the change to storing attributes instead of user records in the sessions in 898a388 had broken password recording for new users because only one copy made it to the filter.
from openstreetmap-website.
milan-cvetkovic
commented on May 27, 2024
I think this has something to do that these two alternatives do not produce the same results:
self.current_user = User.new(user_params)
user1 = current_user
# user1.pass_crypt_confirmation is preserved
self.current_user = User.new(user_params)
user2 = User.new(current_user.slice(...,"pass_crypt_confirmation"))
# user2.pass_crypt_confirmation == nil, even though hash contains the key
I updated #4455 with fix for this issue.
from openstreetmap-website.
tomhughes
commented on May 27, 2024
Yes it's because the confirmation field is not real field that is in the database so attributes doesn't include it and moving the encryption earlier was my attempt to fix that at one in the morning when I was trying to get to bed...
from openstreetmap-website.
Related Issues (20)
- Setting an editor-preference HOT 2
- weird characters in font in canada map HOT 2
- "Mark as unread" doesn't do anything inside messages HOT 1
- Please add option to open website of modeled object HOT 4
- Centering lost after search on Android HOT 3
- Tags diff in object history HOT 2
- Cartography for dark mode HOT 2
- Post-merge UI review for #4455 HOT 2
- mirrored text in login in hebrew HOT 2
- Improve Github issues by modelling issues after Microsoft Powertoys repo HOT 3
- Avoid using Basic Authorization in tests HOT 1
- Maybe rate limit changeset size? HOT 8
- Improve the text of a mail about comments to a changeset HOT 11
- Cursor not in first input field of login form
- Allow notes to be moved HOT 4
- API: List IDs of hidden notes HOT 2
- Ideas for combating vandalism HOT 11
- Add "Like" button to diary entries HOT 2
- PUT /api/0.6/gpx/:id causes HTTP 500 Internal Server Error HOT 3
- Add original note in note reply email HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openstreetmap-website.